<?php

require_once('libs/comment.lib.php');

class WikkaCommentHandler {

    var $Wikka              = null;
    var $has_access         = FALSE;
    var $redirect_message   = '';

    # interface strings
    var $empty_comment = 'Sorry, empty comments cannot be saved.';
    var $no_write_access = 'Sorry, you are not allowed to post comments to this page.';
    var $no_key = 'Your comment cannot be saved. Please contact the wiki administrator(1).';
    var $invalid_key = 'Your comment cannot be saved. Please contact the wiki administrator(2).';
    var $invalid_recaptcha = 'Invalid recaptcha: please try again.';
    var $comment_saved = 'Your comment was saved. Thank you.';

    function __construct($wikka) {
        $this->Wikka = $wikka;
        $this->has_access = ($wikka->HasAccess('comment') || $wikka->IsAdmin())
            && $wikka->existsPage($wikka->tag);
        $this->is_logged_in = ( $wikka->GetUser() ) ? 1 : 0;
        $this->body = (isset($_POST['body'])) ? trim($_POST['body']) : '';
        unset($_SESSION['recaptcha_comment_error']);
        unset($_SESSION['recaptcha_comment_body']);
    }

    function main()
    {
        if ( ! $this->has_access ) {
            return $this->deny_access($this->no_write_access);
        }

        if ( $this->validates() ) {
            $this->save_comment();
            add_comment_flash($this->comment_saved, 'success');
        }

        $this->redirect();
    }

    function save_comment() {
        $body = nl2br($this->Wikka->htmlspecialchars_ent($this->body));
        $this->Wikka->SaveComment($this->Wikka->tag, $body);
    }

    function deny_access($message) {
        $format = '<div id="content"><em class="error">%s</em></div>%s';
        printf($format, $message, "\n");
    }

    function redirect() {
        $this->Wikka->Redirect($this->Wikka->Href(), $this->redirect_message);
    }

    function validates()
    {
        $form_key = $this->Wikka->getSessionKey($_POST['form_id']);
        $session_key = $this->Wikka->hasValidSessionKey($form_key);

        if ( empty($this->body) ) {
            add_comment_flash($this->empty_comment, 'failure');
            return 0;
        }

        elseif ( $form_key === FALSE ) {
            add_comment_flash($this->no_key, 'failure');
            return 0;
        }

        elseif ( $session_key !== TRUE ) {
            add_comment_flash($this->invalid_key, 'failure');
            return 0;
        }

        elseif ( $this->Wikka->GetConfigValue('use_recaptcha') &&
            ! $this->is_logged_in ) {
            if ( ! $this->is_valid_recaptcha() ) {
                add_comment_flash($this->invalid_recaptcha, 'failure');
                return 0;
            }
        }

        return 1;
    }

    function is_valid_recaptcha() {
        require_once('3rdparty/plugins/recaptcha/recaptchalib.php');

        $RecaptchaResponse = recaptcha_check_answer (
            $this->Wikka->GetConfigValue('rc_private_key'),
            $_SERVER['REMOTE_ADDR'],
            $_POST["recaptcha_challenge_field"],
            $_POST["recaptcha_response_field"]
        );

        if ( ! $RecaptchaResponse->is_valid ) {
            $_SESSION['recaptcha_comment_error'] = $RecaptchaResponse->error;
            $_SESSION['recaptcha_comment_body'] = $this->body;
        }

        return $RecaptchaResponse->is_valid;
    }
}

$CommentHandler = new WikkaCommentHandler($this);
$CommentHandler->main();

?>
